Today’s Threat Landscape
Verizon’s Data Breach Investigations Report (DBIR) was recently released. Once again Vestige was an official Contributor to the report, and we are quite proud to be asked to assist in the data gathering that went into the DBIR. While confidentiality is key in our business, sharing information that has been cleansed of identifying details is how we can all better ourselves in this environment. The information gathered and reported allows us to see what happened in the past year and use those trends to help predict what will happen in the upcoming year: namely, what we need to watch out for to protect ourselves.
What’s Going On In Cyber Now
But, hey, wouldn’t it be nice to hear about what is going on right now? Sure it would!
Unfortunately, Vestige has seen attacks similar to those of the past few years, with some small changes. Seeking financial gain, the attackers are relying either on ransomware by means of crypto-viruses or on business email compromise (BEC) attacks.
One troublesome area we have seen is that crypto-viruses leave no area safe. They will attempt to crawl into every computer, file share and drive in your environment. Now, this next part is important. About 10 years ago a shift began where companies abandoned backup tapes and moved towards disk backups. Speed, cost and ease of use fueled that shift. The problem is that the #1 effective tool to recover from crypto-viruses is to have good backups, but now the crypto-viruses are attacking those disk backups that are just hanging as a USB drive off of a workstation or server. If you are in IT and reading this post, you need to check that you either have the security set on those external drives so that only limited administrative accounts can write to them (and no one in your organization uses those types of accounts daily) or you are swapping drives. If you are in management, you need to have a talk right now with IT about your backups and understand how they are protected against crypto-viruses. Otherwise, when someone in your organization opens up the wrong file, you’ll be making your way to one of the more popular Bitcoin trading companies to pay your ransom.
Phishing emails aren’t the only way that crypto-viruses are spreading. Many organizations do not have adequate firewall protections, or they leave ports open for Remote Desktop or other services. Once Remote Desktop is exposed, it is only a matter of time before it is successfully attacked. Merely changing the listening port for Remote Desktop is not adequate either. The cost to implement a basic firewall with end-point VPN services is 1/10th the cost of paying a ransom, and even cheaper when considering downtime.
We have seen an uptick in attacks that originate with third parties. Whether it is a vendor of yours that has access to your network or a managed service provider, it makes sense today to ask them what they are doing to protect not just themselves, but also your assets. Do they have adequate security policies in place and do they conduct IT security audits?
Enough about crypto-viruses, let’s talk about BEC – Business Email Compromises. You know, the type of situation where out of the goodness of someone’s heart you wire tens of thousands of dollars to a complete stranger? Yeah, that one. We have seen situations where the perpetrators create fake, but similarly named, domains and send emails back and forth with both parties, getting the payor to send their money to another account while keeping the payee at bay with excuses for the delays. But more and more, we are seeing these campaigns start with a phishing email to acquire someone’s credentials and then use the compromised mailbox to send the nefarious instructions. In this scenario, it can be very difficult to spot the issue because the emails, while penned by the bad guy, are coming from the actual account itself.
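For the "fake, but similarly named, domains" variant described above, a mail filter or accounts-payable review can flag senders whose domain is close to, but not the same as, a partner domain on file. The following is an added example, not code from Vestige or the DBIR; the partner domains, sample senders, substitution table and two-edit threshold are all constructed assumptions.

```python
# Constructed sample data: partner domains on file and inbound sender addresses.
TRUSTED = {"acme-supply.example", "northwind-freight.example"}
SAMPLE_SENDERS = [
    "ap@acme-supply.example",
    "ap@acme-supp1y.example",
    "Billing <billing@northwind-frieght.example>",
    "newsletter@mail.example",
]

# Digits commonly substituted for letters in lookalike registrations (assumed list).
DIGIT_SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def normalize(domain):
    """Collapse common visual substitutions so 'supp1y' compares equal to 'supply'."""
    return domain.translate(DIGIT_SWAPS).replace("rn", "m").replace("vv", "w")


def edit_distance(a, b):
    """Optimal-string-alignment distance: a swapped adjacent pair costs one edit."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def sender_domain(address):
    """Extract the lower-cased domain from 'user@dom' or 'Name <user@dom>'."""
    return address.rsplit("@", 1)[-1].strip("> ").lower()


def classify(address, trusted=TRUSTED, max_edits=2):
    """Return ('trusted'|'lookalike'|'unknown', matched partner domain or None)."""
    dom = sender_domain(address)
    if dom in trusted:
        return ("trusted", dom)
    for partner in sorted(trusted):
        if normalize(dom) == normalize(partner) or edit_distance(dom, partner) <= max_edits:
            return ("lookalike", partner)
    return ("unknown", None)


if __name__ == "__main__":
    for sender in SAMPLE_SENDERS:
        print(sender, "->", classify(sender))
```

A "trusted" result only means the domain matches; mail sent from a compromised mailbox at the real domain, the second scenario above, passes this check and needs out-of-band verification of any payment change.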
Tips To Protect Yourself
I suggest you spend some time reviewing the DBIR. Then take to heart some of the suggestions above. As always, we are a simple call away to discuss any concerns you may have.